Does Your Government Website Use SSL? Here’s Why It Should.

While browsing the web, you’ve probably noticed that some website URLs start with “http” while others start with “https”. The extra “s” may seem small, and perhaps barely noticeable to the less savvy user, but that little letter has big implications on website security.

So, what does the extra “s” mean, and why should government agencies care?

The “s” in “https” means that a user’s connection to a website is secure, and any information exchanged between the web server and browser is automatically encrypted and therefore safe from data tampering, hacking, and other digital transgressions. The technology that powers that small but mighty “s” is called SSL – or secure sockets layer – and it is a security certification widely used by online retailers, banks, and is becoming increasingly common in government.

Think of a government website. Citizens often come to a government website to complete specific tasks that require them to provide personal information through web pages and forms. Such tasks might include submitting credit card information to register the kids for summer camp, setting up a username and password, submitting banking information for online bill pay, or even providing social security numbers for certain government forms. Without a secure “https” connection, such data could be at risk of being intercepted by hackers – therefore, SSL is critical to protect citizens’ digital transactions.

While SSL is important for the security benefits mentioned above, it can also provide other advantages for government agencies. SSL can help positively influence brand perception and reputation, restoring the public’s confidence and trust in the agency. It can also help improve SEO and drive more traffic through organic search, as websites under the “https” protocol rank higher in Google search than those on the non-secure “http” protocol.

With all the security, reputation, and SEO benefits, it’s no surprise that more and more websites are implementing SSL – a trend that is only expected to grow in the coming months and years. In fact, Google Chrome – the most widely used browser in the world – has been moving toward SSL security standardizations for years and is rolling out some key milestones in the second half of 2018.

Although Google Chrome’s security changes are gradual, the Chrome 68 release this July will be a significant one, as the browser will begin to mark “http” websites (those without SSL) by planting a “not secure” warning in the URL address bar. See below for a snapshot of what this will look like come July 24, 2018.

Following the July updates, in September Google will release Chrome 69 and start branding secure “https” websites with a neutral marker instead of one that affirmatively notes a secure website. To do this, they will drop the green “secure” text from the address bar for “https” websites and instead only show a small padlock icon.

Then in October, the Chrome 70 release will tag any “http” website with an insecure icon – a small red triangle – and the warning text “not secure” in the address bar as soon as a user interacts with any input field, such as attempting to enter a username, password or credit card information.

Beyond the Chrome 70 release, Google’s long-term plan is to eventually mark all websites that remain on the “http” protocol as affirmatively non-secure. Although the timeline for getting to this final stage is yet to be determined, it is clear that Google is pushing all websites toward adoption of “https” through SSL certification.

So why wait? Find out if your website has SSL today. As a first step, simply look at your website’s URL. If it starts with “https” then it already has SSL enabled and you are set for all the upcoming Google Chrome changes – remember, it’s that extra “s” that notates a secure SSL certified website. You might also want to check if your agency already has an SSL certificate since sometimes certificates are purchased but never implemented or are only enabled on certain pages but not the entire website. To find out, use this free SSL scanner.

If your website’s URL is “http” then it does not have SSL enabled and you’ll need to take action to ensure your website is prepared for the upcoming Google Chrome security changes.

If you are a Granicus website customer using the newly acquired VisionLive CMS, we can help! Our team manages certificates for hundreds of government websites, so you’ll benefit from our expertise and processes around securing the SSL certificate and applying it to your website(s) and ensuring it never expires. Please contact our support team to learn about our SSL services and current discounted pricing. You can reach us at vision.support@granicus.com or 310-656-3100.